Reverse Engineering Reading List
If any of the links are down and you can't retrieve them on archive.org, contact me and I can give you a copy of the document.
Software & Libraries
- IDA Pro: The KING IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all.
- Ghidra: Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, Mac OS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of process instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
- Binary Ninja: A reverse engineering platform. It focuses on a clean and easy to use interface with a powerful multithreaded analysis built on a custom IL to quickly adapt to a variety of architectures, platforms, and compilers.
- Capstone: Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
- Hopper: Hopper is a reverse engineering tool for OS X and Linux, that lets you disassemble, and decompile your 32/64bits Intel Mac, Linux, Windows and iOS executables! Based on capstone, scriptable.
- PeachPy: Portable efficient assembly code-generator in higher-level python.
- Radare2: Portable reversing framework for disassembly, debugging, forensics, etc. Based on capstone, scriptable.
- x64dbg: Open source x64/x32 Windows debugger. Heir to Olly.
- re_lab: A portable reverse engineering environment using docker.
Android
Assembly / Disassembly
- Analyzing Uncommon Firmware
- ARM v7 Disassembling
- UROBOROS - Reassembling Disassembling - a tool that can disassemble executables to the extent that the generated code can be assembled back to working binaries without manual effort.
Basics
- Reverse Engineering 101 Speaker Presentation
- Reverse Engineering 101 - NYU: Poly 2010: Intro to Reverse Engineering given at NYU:Poly on October 4th, 2010 by Aaron Portnoy and Peter Silberman.
- Reverse Engineering 102 - NYU: Poly 2010: Intro to Reverse Engineering (Day 2) given at NYU:Poly on October 11th, 2010 by Aaron Portnoy and Peter Silberman.
- CTF Field Guide
Books
- Modern X86 Assembly Language Programming: 32-bit, 64-bit, SSE, and AVX: Fundamentals of x86 assembly language programming. It focuses on the aspects of the x86 instruction set that are most relevant to application software development.
- Practical Malware Analysis: Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
- Practical Reverse Engineering: The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples.
- Reversing: Secrets of Reverse Engineering: Beginning with a basic primer on reverse engineering-including computer internals, operating systems, and assembly language-and then discussing the various applications of reverse engineering, this book provides readers with practical, in-depth techniques for software reverse engineering.
- Reverse Engineering for Beginners: Available in english and russian, this ebook is a good introduction for beginners. Numerous topics are touched : Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
- The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler: Hailed by the creator of IDA Pro as "profound, comprehensive, and accurate," the second edition of The IDA Pro Book covers everything from the very first steps to advanced automation techniques.
Data Structures
- Automatic Reverse Engineering of Data Structures from Binary Execution [PDF]
- Digging For Data Structures [PDF]
- Howard: a dynamic excavator for reverse engineering data structures [PDF]
- MemPick: High-Level Data Structure Detection in C/C++ Binaries [PDF]
- TIE: Principled Reverse Engineering of Types in Binary Programs [PDF]
Exploitation
- Automated Vulnerability Discovery Techniques [PDF]
- Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer [PDF]
- Memory Graph Approach for Program Data Introspection and Modification [PDF]
- Remote Exploitation of an Unaltered Passenger Vehicle [PDF]
Instruction Sets
- Intel® 64 and IA-32 Architectures Software Developer Manuals: These manuals describe the architecture and programming environment of the Intel® 64 and IA-32 architectures.
- X86 Opcode and Instruction Reference: This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.
- JSON x86-64 Intel instruction set: The entire x86-64 Intel instruction set in a machine readable JSON format up to AVX-512.
- X86-64 Reference: Derived from the September 2014 version of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, volumes 2A and 2B. Uses PDF mining to generate the reference from official Intel docs.
Mac and iOS
- iOS App Reverse Engineering: iOS App Reverse Engineering is the world's 1st book of very detailed iOS App reverse engineering skills
- iOS Kernel Security [PDF]
- Jailbreaking Techniques [PDF]
- Reversing iOS Apps: A Practical Approach [PDF]
Malware Analysis
Please refer to the additional document
Network
Reverse Engineering of Protocols from Network Traces [PDF]
Obfuscation and Deobfuscation
Research Tools
Unpacking
- The Art of Unpacking [PDF]
Windows
Driver Signature Enforcement
- Defeating Windows Driver Signature Enforcement #1: default drivers
- Defeating Windows Driver Signature Enforcement #2: CSRSS and thread desktops
- Defeating Windows Driver Signature Enforcement #3: The Ultimate Encounter
- DSEFix - Defeating x64 Driver Signature Enforcement: Using exploitable signed drivers - VirtualBox driver
Other
Patch Guard
- Bypassing PatchGuard on Windows x64
- Disable PatchGuard Vista & Windows 7
- Disable PatchGuard Windows 8 & Windows 10
- Universal Patchguard and Driver Signature Enforcement Disable
Win32
- PInvoke.net: PInvoke.net is primarily a wiki, allowing developers to find, edit and add PInvoke* signatures, user-defined types, and any other information related to calling Win32 and other unmanaged APIs from managed code (written in languages such as C# or VB.NET).